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1 10. (Currently amended): The method of Claim 9 n e twork of Claim 7 , said 

2 group security association further comprising: 

3 , a unique unicast security association for every station in said virtual BSS; 

4 wherein said security association is shared between each station and said PAP of 

5 said virtual BSS. 

1 11. (Currently amended): The network method of Claim 7, further 

2 comprising: 

3 a plurality of virtual BSSs, wherein each virtual BSS has its own identifier, 

4 (BSSID). 

1 12. (Currently amended): The n e twork method of Claim 1 1 , said BSSID 

2 comprising: a virtual MAC address for said virtual BSS. 

1 13. (Currently amended): The n e twork method of Claim 12, wherein said 

2 PAP receives a frame from an 802.1 1 Wireless Medium (WM) destined for one of its virtual 

3 MAC addresses; and wherein said PAP transmits a frame to said WM using one of its virtual 

4 MAC addresses as a source MAC address of said frame. 

1 14. f Currently amended): The method of Claim 9 network of Claim 7 , further 

2 comprising: 

3 a plurality of virtual BSSs supported by a shared TSF (Timing Synchronization 

4 Function), DCF (Distributed Coordination Function), and, optionally, a PCF (Point Coordination 

5 Function), at a single PAP. 

1 15. (Currently amended): The method of Claim 9 network of Claim 7 , each 

2 PAP further comprising: 

3 a single NAV (Network Allocation Vector) and PC (Point Coordinator). 

1 16. (Currently amended): The method of Claim 9 network of Claim 7 , wherein 

2 a PAP can belong to more than one virtual BSS. 
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1 17. (Currently amended): The method of Claim 9 n e twork of Claim 7 , wherein 

2 any station that is not a PAP can belong to at most one virtual BSS. 

1 18. (Currently amended): The method of Claim 9network n e twork of Claim 

2 7, further comprising: 

3 a virtual bridged LAN (VLAN) for bridging a virtual BSS with another virtual 

4 BSS by connection of each virtual BSS's PAP. 

1 19. (Currently amended): The n e twork method of Claim 18, wherein the PAP 

2 of each virtual BSS connects to a Distribution System (DS) via a trunked or untagged port of a 

3 VLAN-aware bridge. 

1 20. (Currently amended): The n e twork method of Claim 19, wherein frames 

2 transmitted to said DS carry VLAN tags known to a Distribution System Medium (DSM). 

1 21. (Currently amended): The network method of Claim 20, wherein said 

2 PAP maintains a DSM VLAN mapping that maps a VLAN tag to a virtual BSS identifier 

3 (BSSID). 

1 22. (Currently amended): The network method of Claim 7, said virtual BSS 

2 comprising any of: 

3 a Class- 1 and a Class-3 virtual BSS; 

4 wherein a PAP supports exactly one Class- 1 virtual BSS and one or more multiple 

5 Class-3 virtual BSSs; 

6 wherein a Class- 1 virtual BSS is the only virtual BSS which a station is allowed 

7 to occupy while it is in 802.1 1 State 1 or 2, as governed by said PAP; 

8 wherein when in State 3, a station is allowed to join a Class-3 virtual BSS; and 

9 wherein a Class-3 virtual BSS is determined by the kind of authentication used to 
10 authenticate said station. 
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1 23. (Currently amended): The n e twork method of Claim 22, wherein a Class- 

2 1 virtual BSSID is the BSSID field of every Class 1 and Class 2 frame that has such a field. 

1 24. (Currently amended): The n e twork method of Claim 22, wherein a Class- 

2 1 virtual BSSID is the receiver or transmitter address field, where appropriate, for Class 1 and 

3 Class 2 frames. 

1 25. (Currently amended): The n e twork method of Claim 7, wherein every 

2 virtual BSS has identical beacon frame content except for a Timestamp, Beacon interval, 

3 Capability information Privacy (Protected) bit, Service Set Identifier (SSID), security capability 

4 element, and Traffic Indication Map (TIM) element fields. 

1 26. (Currently amended): The n e twork method of Claim 22, wherein said 

2 PAP does not have to beacon for a Class-3 virtual BSS if it does not support Power-Save (PS) 

3 mode for end stations in that BSS; 

4 wherein if said PAP does beacon for a Class-3 BSS, then an SSID element in 

5 every beacon specifies a broadcast SSID; 

6 wherein a Class-3 virtual BSS is prevented from being identified through 

7 beaconing. 

1 27. (Currently amended): The n e twork method of Claim 26, wherein only a 

2 Class- 1 virtual BSS beacon has an SSID element with a non-broadcast SSID field; wherein a 

3 station can associate with a Class- 1 virtual BSS only; 

4 wherein a station can associate with a Class- 1 virtual BSS only. 

1 28. (Currently amended): The n e twork method of Claim 22, wherein every 

2 station is by default a member of a Class- 1 virtual BSS at a PAP; 

3 wherein said PAP can either authenticate a user of said station or said station itself 

4 in said Class- 1 virtual BSS; 
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5 wherein if successful, said station enters 802.1 1 State 2 at said PAP; and wherein 

6 said PAP and said station can then exchange Class 1 and Class 2 frames while in said Class- 1 

7 virtual BSS. 

1 29. (Currently amended): The n e twork method of Claim 28, wherein Class 2 

2 frames are protected cryptographically if said station and said PAP share a unicast security 

3 association after successful authentication. 

1 30. (Currently amended): The n e twork method of Claim 29, wherein said 

2 PAP and said station share a group security association after authentication; 

3 wherein said group security association is for a Class-3 virtual BSS to which said 

4 station belongs if it completes an 802. 1 1 Association with said PAP. 

1 31. (Currently amended): The network method of Claim 30, wherein before 

2 said station and said PAP can exchange Class 3 frames, said station must request Association 

3 with said Class- 1 virtual BSS from State 2; and switch to a Class-3 virtual BSS. 

1 32. (Currently amended): The n e twork method of Claim 3 1 , wherein said 

2 PAP switches said station to a Class-3 virtual BSS by responding to said station's Association 

3 Request with an Association Response MMPDU whose source address (Address 2 Field) or 

4 BSSID (Address 3 field) is a Class-3 virtual BSSID for that virtual BSS. 

1 33. (Currently amended): The network method of Claim 32, wherein said 

2 Class-3 virtual BSS is determined in one of the following ways: 

3 an authentication server in said DS specifies a DSM VLAN for a user and said 

4 PAP maps it to a Class-3 virtual BSSID using its DSM VLAN mapping; 

5 an authentication server in said DS specifies a Class-3 virtual BSS for said user; 

6 or 

7 said PAP creates a new Class-3 virtual BSS for said user; 

8 wherein said PAP may inform an authentication server of a new virtual BSS and 

9 provide it with rules for allowing other stations to join said new BSS. 
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1 34. (Currently amended): The n e twork method of Claim 22, wherein a Class- 

2 1 virtual BSS is discovered through 802.1 1 beacon or Probe Response management frames, 

3 where a BSSID field (Address 3 field) and source address field (Address 2 field) are each set to a 

4 Class- 1 virtual BSSID. 

1 35. (Currently amended): The n e twork method of Claim 22, wherein said 

2 PAP implements a MAC Protocol Data Unit (MPDU) bridge protocol which, for an MPDU 

3 received from either said DSM or said WM, said protocol addresses either of: 

4 an MPDU received from said DSM, wherein: 

5 a received MPDU has no VLAN tag or a null VLAN tag; 

6 said MPDU from said DSM is relayed to a virtual BSS if said MPDU destination 

7 address is an address of a station that belongs to said virtual BSS and said station is associated 

8 with said PAP; or 

9 if said MPDU destination address is a group address, said virtual BSS has a 

10 station that belongs to said group and said station is associated with said PAP; or 

1 1 a received MPDU has a non-null VLAN tag; 

12 said virtual BSS to which said MPDU is relayed is identified by said virtual 

13 BSSID to which said non-null VLAN tag is mapped under said PAP's DSM VLAN mapping; 

14 and 

15 if said mapping is undefined for a given tag, said MPDU is not relayed; 

16 wherein any virtual BSS to which a received MPDU is relayed has a BSSID 

17 which forms a source address (Address 2 field) of the 802.1 1 MPDU that is relayed to that 

18 virtual BSS; or 

1 9 an MPDU received from said WM, wherein: 

20 a received 802. 1 1 MPDU is relayed to a virtual BSS identified by Address 1 field 

21 of said MPDU if said MPDU destination address (Address 3 field of MPDU) is an address of a 

22 station that belongs to said identified virtual BSS and said station is associated with said PAP; or 

23 if said MPDU destination address is a group address; 

24 otherwise, said frame is not relayed to any virtual BSS; 



Page 8 of 16 



Appi. No. 10/754,402 PATENT 



Amdt. sent April 16, 2007 

Reply to Office Action of January 29, 2007 

25 wherein Address 1 field of a received 802.1 1 MPDU is a source address (Address 

26 2 field) of an 802.1 1 MPDU that is relayed to said virtual BSS identified by said Address 1 field. 

1 36. (Currently amended): The n e twork method of Claim 35, wherein said 

2 received MPDU is also relayed to said DSM if said destination address (Address 3 field of 

3 MPDU) is an address of a station that is not associated with said PAP; or 

4 if said destination address is a group address; 

5 wherein said MPDU relayed to said DSM has a VLAN tag if said DS is VLAN 

6 aware, and is untagged otherwise; and 

7 wherein said VLAN tag is a pre-image of said Address 1 field of said received 

8 MPDU under said PAP's DSM VLAN mapping. 

1 37. (Currently amended): The n e twork method of Claim 22, further 

2 comprising: 

3 means for performing encryption and decryption by applying 802.1 1 Data frames 

4 and Management frames of subtype Association Request/Response, Reassociation 

5 Request/Response, Disassociation and Deauthentication. 

1 38. (Currently amended): The n e twork method of Claim 37, wherein said 

2 encryption process used by said PAP before sending an 802.1 1 Data or Management frame to 

3 said WM comprises a mechanism that performs the steps of: 

4 identifying a security association for said frame; and 

5 then using said association to construct an expanded frame for transmission 

6 according to an encipherment and authentication code protocol. 

1 39. (Currently amended): The network method of Claim 38, wherein if a 

2 frame destination address (Address 1 field) is the address of a station then a unicast security 

3 association shared between that station and said PAP is used in said frame expansion; and 

4 wherein if said frame is a Data frame and its destination address is a group 

5 address then said MPDU bridge protocol identifies a destination virtual BSS for said frame, 
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6 wherein a group security association for said identified virtual BSS is used in said frame 

7 expansion. 

1 40. (Currently amended): The n e twork method of Claim 39, wherein a non- 

2 PAP station transmits an 802. 1 1 MPDU of type Data or Management to said DSM using a 

3 unicast security association it shares with said PAP in its virtual BSS. 

1 41. (Currently amended): The n e twork method of Claim 40, wherein when 

2 receiving an 802. 1 1 Data or Management frame from said WM, said PAP attempts to decipher 

3 and verify integrity of said frame using a unicast security association for a station identified by a 

4 source address (Address 2 field) of said MPDU. 

1 42. (Currently amended): The n e twork method of Claim 41, wherein when 

2 receiving an 802. 1 1 MPDU of type Data or Management from said PAP, a non-PAP station 

3 attempts to decipher and verify integrity of said frame using a unicast security association it 

4 shares with said PAP if a destination address of said frame (Address 1 field) is an address of said 

5 station, and by using a group security association of its Class-3 virtual BSS if said destination 

6 address of said frame is a group address. 

1 43. (Currently amended): A location-update method for updating forwarding 

2 tables of bridges, or other interconnection media, that connect Public Access Points (PAPs) 

3 together, where multiple PAPs are attached to different bridges in a spanning tree of a bridged 

4 LAN and an end station associates with one of said PAPs and then reassociates with a new PAP, 

5 comprising [[the]] steps of: 

6 said new PAP sending a directed Bridge Protocol Data Unit (BPDU) to said PAP 

7 with which said station was previously associated; 

8 wherein destination address of said BPDU is current access point (AP) address of 

9 a Reassociation Request frame, which is a Class-3 virtual BSS identifier (BSSID); and 
10 wherein source address is a hardware address of said station; 
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1 1 upon receiving a relocation MPDU at a particular port, a bridge updating its 

12 forwarding table with an entry that binds a receiving port to a source address of said MPDU; and 

1 3 said receiving bridge forwarding a relocation MPDU to its designated root port, 

14 unless said MPDU arrived on that port or said receiving bridge is a root of said spanning tree; 

15 wherein if said MPDU is received at said designated root port of said bridge or by 

16 a root bridge then it is forwarded according to a learned forwarding table of said bridge, which 

17 optionally comprises flooding said MPDU to all ports except said receiving port. 

1 44. (Currently amended): A fine bridging method for a wireless network, 

2 comprising [[the]] steps of: 

3 decoupling identification of a broadcast or multicast domain with a Basic Service 

4 Set(BSS);and 

5 determining bridging behavior of an access point (AP) by a policy expressed as a 

6 directed graph; 

7 wherein for a given policy, a broadcast domain for a node is itself and all nodes it 

8 must access; 

9 wherein said broadcast domain set of said policy is a set of broadcast domains for 

10 its nodes; and 

1 1 wherein nodes of said graph are stations and there is an edge from a first station to 

12 a second station if and only if said first station must be able to communicate with, or access said 

13 second station, such that said second station must be able to receive directed or group frames 

14 from said first station. 

1 45. (Original): The method of Claim 43, further comprising the step of: 

2 providing a group security association per broadcast domain. 

1 46. (Original): The method of Claim 45, wherein each station (node) 

2 possesses a first group security association of a broadcast domain for itself in said policy, and a 

3 second set of group security associations, one for every other broadcast domain in said policy of 

4 which said station is a member. 
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1 47. (Original): The method of Claim 46, wherein said first group security 

2 association is used by said station for sending group frames and said second set of group security 

3 associations is used for receiving group frames. 

1 48. (Currently amended): The n e twork method of Claim 42, wherein 

2 broadcast and multicast traffic in different virtual basic service sets is protected with different 

3 encipherment or authentication-code protocols in said network. 

1 49. (Currently amended): The N e twork method of Claim 42, where unicast 

2 traffic between a PAP and a station and between said PAP and another station in a virtual BSS is 

3 protected with different encipherment or authentication-code protocols in said virtual BSS. 

1 50. (New): The method of Claim 9, wherein the at least one PAP bridges an 

2 802.1 1 Wireless Medium (WM) and an 802.1 1 Distribution System Medium (DSM), or bridges 

3 said stations within said virtual BSS. 
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